3

I'd like to create a Job to kill the following pod every single minute or any time when is created.

My testing pod is:

apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
    containers: 
    -   name: myapp-container
        image: busybox
        command: ['sh', '-c', 'echo Hello && sleep 3600']

Is it possible to do that?

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
Nembone
  • 93
  • 8
  • 2
    Yes it is possible... pods can access the kube api so you could run one using the `kubectl` command to do it, but why? It sounds like you might be trying to stop something that should be stopped further up the chain, maybe explain what you are trying to stop – Matt Mar 15 '20 at 21:55
  • +1 to @Matt. Can do this fairly trivially with a CronJob running kubectl but it seems like a very bad idea and probably means you're doing something else wrong. – coderanger Mar 15 '20 at 22:09
  • @Matt yes indeed, actually im doing another experiment in Jenkins which is create a deployment but i just need it just for a few minutes because is just to show something and sadly that deployment needs to be cancele in Jenkins manually. TL;DR: 1) Jenkis create a deployment 2) Deployment (pod) is created 3) To cancel that pod is necesary to cancel Build in Jenkins manually 4) End of the pod So... my idea is create a CronJob to avoid step 3 and as soon as the pod is created deleted in 1 min. – Nembone Mar 15 '20 at 23:15
  • so did you go through this document https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/ and take a try first? – BMW Mar 16 '20 at 01:30
  • @Nembone Sure, I would usually leave management of something like that in the source jenkins job. I assume the job is waiting when you don't want it to.. but if you want to look at that side of the issue you would need to add the details of the jenkins deploy. – Matt Mar 16 '20 at 04:23

1 Answers1

6

Yes, you can delete the pods with kubectl within the cluster. First, you need to create a set of RBAC(Role-based access control) object. Here is the sample.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: test # this is service account for binding the pod
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: test # This defines a role and what API it can access
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["delete", "get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: test # This will bind the role and service account
subjects:
- kind: ServiceAccount
  name: test
roleRef:
  kind: Role 
  name: test 
  apiGroup: rbac.authorization.k8s.io

These objects will define a proper RABC rule so that the pod created can interact with Kubernetes's corresponding API. Then, you can define your Job with a Cronjob type like this.

apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: kill-pod
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: test
          containers:
          - name: kill-pod
            image: bitnami/kubectl:latest
            command:
            - kubectl
            args:
            - delete
            - pod
            - sth
          restartPolicy: OnFailure
Ryan Siu
  • 944
  • 4
  • 11